Joined: Dec 24, 2004 Posts: 194 Location: Michigan
Posted:
Mon Jun 06, 2005 8:35 am
So far I have found my nuke_config table to look like this:
-- phpMyAdmin SQL Dump
-- version 2.6.1-pl3
--
--
-- Host: *******edited by me
-- Generation Time: Jun 06, 2005 at 07:10 AM
-- Server version: 4.0.16
-- PHP Version: 4.3.4
--
-- Database: `**********`edited by me
--
Joined: Dec 24, 2004 Posts: 194 Location: Michigan
Posted:
Mon Jun 06, 2005 9:28 am
That's what I am trying to remember now... I'm thinking no... I had just updated to the new version and yesterday imported info for the ip2c for USA and Canada.
Joined: Dec 24, 2004 Posts: 194 Location: Michigan
Posted:
Mon Jun 06, 2005 9:41 am
I can't get to my site C/P yet. I need to change the "god" account; they have changed this and deleted all other admin accounts... Can you give me a quick DB insert (info only) so I can get "god access" again? For some stupid reason I'm not getting in my C/P, probably 'cause I'm frustrated and overlooking something.
Joined: Dec 24, 2004 Posts: 194 Location: Michigan
Posted:
Mon Jun 06, 2005 9:56 am
Raven wrote:
Do you have the Admin and Author blocker settings turned on in your NukeSentinel(tm) Configuration?
No, they were not activated but are now!! I'm such a blockhead.
What's the site I've seen mentioned about PC killer or info on what it is?
Is this something I should report to someone? And if so, who do I send it to? Sorry for the "newbie" type questions, still learning what I can about all this.
THANKS FOR BEING HERE, GREATLY APPRECIATED
Last edited by mds on Mon Jun 06, 2005 9:58 am; edited 1 time in total
Joined: Dec 24, 2004 Posts: 194 Location: Michigan
Posted:
Mon Jun 06, 2005 10:41 am
Yup, I did... why wasn't the IP listed?
Looks like all that was done was they added this info to my news module and deactivated 1 of my blocks, which I reactivated:
TITLE :
<b><b><marquee><h1>Hacked by KRALKAYRA</h1></marquee></b></font></center><br></b>
Content:
<b><b><marquee><h1>Hacked by KRALKAYRA</h1></marquee></b></font></center><br></b>
<br><br><b>HACKER BY KRALKAYRA</b> <a target='top' href='kralkayra'><br>
<img border=0 src=http://kralkayrahan.sitemynet.com/logo2.gif></a>
<b>HACKER BY KRALKAYRA</b>
<b><b><marquee><h1>Hacked by KRALKAYRA</h1></marquee></b></font></center><br></b>
Joined: Dec 24, 2004 Posts: 194 Location: Michigan
Posted:
Tue Jun 07, 2005 8:03 am
I ran the search twice, using the user_id (401, which if he would've registered regularly should've been 399... SQL injection??)
and by username (kralkayra), and both returned no results...
Joined: Jun 06, 2005 Posts: 7 Location: Oregon, USA
Posted:
Tue Jun 07, 2005 8:18 pm
mds,
I've got the guy's IPs if you want them. I picked them up with the protector system, which he got through, as well as the IP tracking module, so I have an idea of where he was going as well.
68.23.169.128 - adsl-68-23-169-128.dsl.chcgil.ameritech.net
was the one last used to access my site... I notified this host of abuse, evidently an SBDC ISP out of Plano, Texas.
65.19.134.2 - is the one I believe was used to hack the site, through the forums by the look of it. 2608 URLs were hit by this IP from the kralkayra username.
Joined: Dec 24, 2004 Posts: 194 Location: Michigan
Posted:
Tue Jun 07, 2005 10:26 pm
Excellent.
That IP looks very familiar to me... I think I've seen it in my access logs, but didn't show them as accessing any admin files... guess I better go back and have a better looky see.